Hackers steal Bayfront Health patient information

ST. PETERSBURG — Hackers stole information from about 4.5 million patients in hospital giant Community Health Systems computer network, but it remains unclear how many people at the company’s clinics at Bayfront Health in St. Petersburg and elsewhere may have been targeted.

Officials with the Tennessee-based company said no medical or credit card records were taken in the attack earlier this year, but they did take patients’ names, addresses, birth dates and telephone and Social Security numbers.

Community Health Systems will mail letters to each affected patient and will offer them identity theft protection services.

The cyber attack targeted patients at physician practices and clinics at Bayfront Health St. Petersburg as opposed to people who stayed in the hospital, medical center spokeswoman Elena Mesa said. Those affected should be informed by the end of the month, she said.

“If you don’t get a letter, you weren’t affected,” she said.

“But they’re still working to find out which patients were affected, if any,” she added.

The hospital operator said it believes the attack came from a group in China that used sophisticated malware and technology to get the information. Community Health has since removed the malware from its system and finalized “other remediation efforts” to prevent future attacks.

The company believes the hackers were looking for valuable intellectual property, including data on medical devices and high-tech equipment.

“The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack,” Community Health wrote in a statement.

The information taken came from patients who were referred to or received care from doctors tied to the company over the past five years.

A year ago, Community Health purchased dozens of hospitals from the troubled Health Management Associates chain of Naples. The hospitals include the Bayfront Health group in St. Petersburg and smaller community hospitals in West Central and Southwest Florida, such as Bayfront Health Spring Hill and Bayfront Health Brooksville.

The company owns, leases or operates 206 hospitals in 29 states.

The attack follows other high-profile data security problems that have hit retailers like the e-commerce site eBay and Target Corp. Last year, hackers stole from Target about 40 million debit and credit card numbers and personal information for 70 million people.